why the rise of devops and devsecops mandate network ......network virtualization automation many...

©2019 VMware, Inc.

Vincent Han, VMware, Inc.Robert Alvianus, VMware, Inc.

#vFORUM

Why the Rise of DevOps and DevSecOps Mandate Network Virtualization

Confidential │ ©2019 VMware, Inc.

©2019 VMware, Inc.

Agenda

3

1. What has changed and Why?

2. VCN & Network Virtualization

3. Network Automation Demo

©2019 VMware, Inc. 5

Traditional Transportation Company

Traditional Hotel Company

Modern Transportation company

Modern Hotel Company

Sto

ck P

erf

orm

an

ce

B

illio

n$

Time

Agility

Value Creation

Digital Transformation


Mistakes

Value Disintegration

Financial company

Entertainment company

Retail company

Time

Sto

ck P

erf

orm

an

ce

B

illio

n$

Security BreachLoss of content

Site Down


Future

Legacy

Mistakes?

Automated Workflows

Automating and managing exceptions

Integrated StackVCF, VMC, Cloud IaaS

AgilityPeople ProcessesTech

Doing a set of tasks

Ticketing systems

Disjointed ComponentsCompute, Storage, Networking

Future

Legacy


Siz

e o

f C

ha

ng

e

ChangingApps are

Monolithic Development: Long cycle

Frequency of deployment


Then Now

Monolithic Development: Long cycle

ChangingApps are

Legacy Apps

Cloud native apps

High touch / High value

Perceived to be understood

Risk analysis / Preventive measures

Low touch / Difficult to assess value

Not understood

Risk what??

IT time scale Dev time scale

On-prem / Perimeters Multi-cloud / Borderless

Siz

e o

f C

ha

ng

e

Frequency of deployment


Networking


What is

Networking?

IdentityIP, DNS, Certificates

Client Server

ConnectivitySwitches and routers

Scale LB, GSLB

SecurityFirewall, IPS, VPN, WAF…


What is

Networking?

IdentityIP, DNS, Certificates

ConnectivitySwitches and routers

Scale LB, GSLB

SecurityFirewall, IPS, VPN, WAF…

Complex

Too many knobs

Error prone

Fails catastrophically


Is this Network Going to

Support Agility?


Network VirtualizationSimplification and Isolation

Complex and fragileFailure in one place causes systemic failure

Simplified and isolatedFailures are contained

NSX Abstraction

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS


Network VirtualizationAutomation

Many KnobsLots of automation points that must work together

Lack of isolation exposes to global failures

Application centric automationUnified view of App, Infrastructure and Security

Network Virtualization contains misconfigurations

NSX Abstraction

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

Automated processes

many points to manage

App and Network not fully integrated


Network VirtualizationSecurity

Network Appliances? Intrinsic SecurityService Firewall

NSX Abstraction

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS

VS


BRANCH

BRANCH

EDGE/IOT

TELCO/NFV

BRANCH

BRANCH

DCDC

DC

EDGE/IOT

PUBLIC CLOUD

PRIVATE CLOUD

Virtual Cloud Network

Virtual Machines | Containers | Bare Metal

vSphere

Data Center | Cloud | Branch


The Foundation of the Virtual Cloud Network

VMware NSX Portfolio

NETWORK AND SECURITY VIRTUALIZATION

Security Integration Extensibility Automation Elasticity

NETWORKING AND SECURITY MANAGEMENT AND AUTOMATION

vRealize AutomationEnd-to-end workload automation

Network InsightNetwork discovery and insights

Cloud-Based Management Workflow Automation Blueprints / Templates Insights / Discovery Visibility

Advanced Load Balancing

Multi-cloud Load Balancing, Security and

Analytics

AppDefenseModern application

security

NSX Data CenterNetworking and security for data center workloads

NSX CloudNetworking and

security for Public Cloud workloads

NSX SD-WANby VeloCloud

WAN connectivity services


Virtualization Layer

NSX Data Center

DATA CENTER

NSX Platform

vSwitch

Workloads


NSX Data Center Solutions

Service-Defined Firewall

Multi-Cloud Networking

Network Automation

Cloud-Native Networking


VMware NSX-T: Single Heterogeneous SDN Platform

Connectivity

Logical L2 / L3 across any workload

L2 stretch and L3 route/policy-based VPN

Security

L4 / L7 distributed & edge firewall

ADC with built-in WAF

Third party service insertion

Operations

Single, consistent, declarative policy that spans multi-cloud

Logging / auditability to meet varying compliance requirements

Policy-based networking and security and operational consistency

On-Premises Data Center

ADC / WAF

VPN(L3 / L2)

3rd Party Service Insertion

DFW / Edge Firewall(L7 / L4)

Logical L2/ L3

Bare-metalVMsPhysicalSwitchesContainers

DMZ


NSX – A Powerful Enabler

Service-Defined Firewall

Multi-Cloud Networking

Network Automation

Cloud-Native Networking

©2019 VMware, Inc.

Infrastructure and Apps Are Subject to Wait

WaitWait

Infrastructure Service DeliveryDays

Application and Change DeliveryWeeks

WorkWaitWaitWaitWorkWait

Changes

Private Clouds

Public Clouds

Hybrid CloudVMware &

vCloud Data Center Partners

Virtualized InfrastructureAbstract & Pool

Compute Abstraction =

Server Virtualization

Network

Network Abstraction =

Virtual Networking

Storage

Storage Abstraction =

Software-Defined Storage

Compute

Physical Hardware


NSX can be consumed in a variety of manners:

NSX consumption built for Automation

User

NSX Integration

OpenStack

vRealize Automation

Terraform / Ansible

Kubernetes / PAS / PKS /OpenShift

More…

vCloud Director

NSX Managers

vSphere and KVM Hypervisor

Centralized Management Plane

Distributed Networking Topologies


How do you automate infrastructure in an application rollout?

Network Infrastructure as Code: API Simplicity

Traditional Network Automation

Config…

VLAN (multiple switches)

IP subnet (Router)

Security Policy (Firewall)

NAT service (Router)

Load Balancing (ADC)

Standardized API ONE JSON File

POST/GET Logical Switch(~12)

POST/GET Tier-1 Router(~2)

POST/GET NSGroups(~3)

POST DFW-Section(~2)

POST EDGE Firewall (~2)

POST NAT (~2)

POST LB Config (~10)

Automation with NSX

PATCH

https://<ip>/policy/api/v1/infrra

{

desired outcomehuman-readable JSON

}

…Taken to a New Level

Scripting


Modern Application Services - Catalog

• One-Click Application - Order with Networking and Security

• Automated IP Addressing

• Networking and Security via NSX API

• Integration with other enterprise services, e.g. AD, IMS, Ticketing, Inventory etc. with vRO extensibility services

…

• Automatic Cleanup With App Disposal

vRealize Automation Catalog

Catalog


Modern Application Services - Blueprint

• Define Once – Multiple Use

• Deployment Time Options for Users

• Support for Multiple Network Topologies

• Repeatable Deployments

• From Single Machine to Multi-Tier Applications

• Security and Load balancer services offered

vRealize Automation Design Canvas

Blueprint

©2019 VMware, Inc.

Modern Application Services – Catalog of Blueprints

Define Once – Multiple Use

Deployment Time Options for Users

Support for Multiple Network Topologies

Repeatable Deployments

From Single Machine to Multi-Tier Applications

• One-Click Application -Order with Networking and Security

• Networking and Security via NSX API

• Automated IP Addressing

• Automatic Cleanup With App Disposal

Blueprint Catalog

• Integration with other enterprise services, e.g. AD, IMS, Ticketing, Inventory etc. with vRO extensibility services


Dynamically configure NSX-T logical Services

Cloud Automation with NSX-T Data Center

NSX-T Services vRealize Cloud Automation On Demand Application and Network Delivery

DHCP

NAT

Distributed Firewall

Routing

Service Catalog

Blueprint

Endpoint Management

Cloud Resources

Network profile

Cloud Management Platform

Web

App

Db

Web

App

Db

Web

App

Db


Summary

IT/Network team

Security team

Developerteam

DevOpsteam


How to get started

Resources

LEARN TRY

nsx.techzone.vmware.com

CONNECT

TRY

@VMwareNSX#runNSX

Learn ConnectTry

Design Guides Demos

Take a Hands-on Lab

Join VMUG, VMware Communities (VMTN)

why the rise of devops and devsecops mandate network ......network virtualization automation many...

Documents